BUG: unable to handle page fault for address: ffffffffff600000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 6e12067 P4D 6e12067 PUD 6e14067 PMD 6e16067 PTE 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 65 Comm: jbd2/sda1-8 Not tainted 6.1.75-syzkaller-00017-g51c421385e7a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:copy_from_kernel_nofault+0x86/0x2d0 mm/maccess.c:36
Code: 48 89 55 d0 0f 85 de 01 00 00 ff 02 bf 07 00 00 00 4c 89 ee e8 bb 3a d2 ff 49 83 fd 07 76 58 4d 89 fe 49 83 c7 08 49 83 c5 f8 <49> 8b 1c 24 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80
RSP: 0018:ffffc90000937418 EFLAGS: 00010257
RAX: 0000000000000000 RBX: 00007ffffffff000 RCX: ffff88810d516540
RDX: ffff88810d5170e0 RSI: 0000000000000008 RDI: 0000000000000007
RBP: ffffc90000937450 R08: ffffffff81a33995 R09: ffffed1021aa2ca9
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffffff600000
R13: 0000000000000000 R14: ffffc900009374a8 R15: ffffc900009374b0
FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600000 CR3: 0000000144a11000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 bpf_probe_read_kernel_common kernel/trace/bpf_trace.c:230 [inline]
 ____bpf_probe_read_compat kernel/trace/bpf_trace.c:294 [inline]
 bpf_probe_read_compat+0x112/0x180 kernel/trace/bpf_trace.c:287
 bpf_prog_49c7f88809d02740+0x42/0x44
 bpf_dispatcher_nop_func include/linux/bpf.h:987 [inline]
 __bpf_prog_run include/linux/filter.h:600 [inline]
 bpf_prog_run include/linux/filter.h:607 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2275 [inline]
 bpf_trace_run3+0x177/0x2e0 kernel/trace/bpf_trace.c:2315
 __bpf_trace_block_bio_remap+0x2b/0x40 include/trace/events/block.h:479
 trace_block_bio_remap include/trace/events/block.h:479 [inline]
 blk_partition_remap block/blk-core.c:549 [inline]
 submit_bio_noacct+0x17b7/0x1820 block/blk-core.c:745
 submit_bio+0x15d/0x210 block/blk-core.c:836
 submit_bh_wbc+0x495/0x4f0 fs/buffer.c:2750
 submit_bh+0x1d/0x30 fs/buffer.c:2755
 journal_submit_commit_record+0x7b1/0xa80 fs/jbd2/commit.c:160
 jbd2_journal_commit_transaction+0x39fe/0x5f20 fs/jbd2/commit.c:916
 kjournald2+0x437/0x7a0 fs/jbd2/journal.c:210
 kthread+0x26d/0x300 kernel/kthread.c:386
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
Modules linked in:
CR2: ffffffffff600000
---[ end trace 0000000000000000 ]---
RIP: 0010:copy_from_kernel_nofault+0x86/0x2d0 mm/maccess.c:36
Code: 48 89 55 d0 0f 85 de 01 00 00 ff 02 bf 07 00 00 00 4c 89 ee e8 bb 3a d2 ff 49 83 fd 07 76 58 4d 89 fe 49 83 c7 08 49 83 c5 f8 <49> 8b 1c 24 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80
RSP: 0018:ffffc90000937418 EFLAGS: 00010257
RAX: 0000000000000000 RBX: 00007ffffffff000 RCX: ffff88810d516540
RDX: ffff88810d5170e0 RSI: 0000000000000008 RDI: 0000000000000007
RBP: ffffc90000937450 R08: ffffffff81a33995 R09: ffffed1021aa2ca9
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffffff600000
R13: 0000000000000000 R14: ffffc900009374a8 R15: ffffc900009374b0
FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600000 CR3: 0000000144a11000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	48 89 55 d0          	mov    %rdx,-0x30(%rbp)
   4:	0f 85 de 01 00 00    	jne    0x1e8
   a:	ff 02                	incl   (%rdx)
   c:	bf 07 00 00 00       	mov    $0x7,%edi
  11:	4c 89 ee             	mov    %r13,%rsi
  14:	e8 bb 3a d2 ff       	call   0xffd23ad4
  19:	49 83 fd 07          	cmp    $0x7,%r13
  1d:	76 58                	jbe    0x77
  1f:	4d 89 fe             	mov    %r15,%r14
  22:	49 83 c7 08          	add    $0x8,%r15
  26:	49 83 c5 f8          	add    $0xfffffffffffffff8,%r13
* 2a:	49 8b 1c 24          	mov    (%r12),%rbx <-- trapping instruction
  2e:	4c 89 f0             	mov    %r14,%rax
  31:	48 c1 e8 03          	shr    $0x3,%rax
  35:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  3c:	fc ff df
  3f:	80                   	.byte 0x80